Editor’s Note: The authors of this post are practice leaders at Zeichner, Ellman & Krause.
By Daniel Garrie, Head of Cyber Practice at ZEK, and Yoav M. Griver, Partner at ZEK and a member of its Cyber Practice
The year 2015 has come to an end, and cloud-based computing has entered the mainstream. One marketplace that is likely to see cloud-based computing become more fully enmeshed is the e-discovery marketplace.
“Cloud computing” is a generic term for Internet-based computing services, and is increasingly used to refer to a wide array of different services. Whatever the service, however, there is one basic difference between traditional computing and cloud-based computing. When you access a cloud for your computing needs, your desktop or your laptop isn’t the device doing the actual computing. Even though you continue to see the results of your efforts on your own screen, all the computing actually takes place elsewhere, usually in a data center that is both physically and legally outside your organization.
Put another way, “cloud computing” usually refers to a cloud alternative to some computer-based task that organizations traditionally manage in-house. For example, rather than a law firm hosting its e-mail on an internal server, email can be hosted in the cloud, removing the cost of maintaining and upgrading the server, and the attendant personnel who carry out those tasks.
Some law firms feel that having a hosted solution on-site is more practical than a cloud-based solution. This is no longer true. There are now dozens of different e-discovery platforms available to a firm that is interested in migrating to a cloud-based solution, with a variety of emerging players challenging the dominance of the current market leaders.
Each of the solutions (both old and new) have different selling points, but one thing the emerging players share is that they are finally aligning their cost with what the cost should be, which is not something often seen in the past with current entrenched solutions providers. This means that a firm can more easily find a cloud-based solution that is right for it, while paying a price that is likely less than the cost of maintaining the solution in-house.
In addition to price considerations, the most prevalent concern keeping most firms from migrating to cloud-based e-discovery is that of security. This is a real and abiding concern. However, law firms are often not entirely realistic when evaluating this concern. Fears about the cloud are sometimes based on a utopian vision of an organization’s current situation. The reality is that both cloud-based and on-premises software are susceptible to security lapses and data breaches.
Almost every e-discovery platform in the marketplace today requires some sort of connectivity to the Internet to obtain software updates, be it for the platform or the solution operating the platform. Consequently, law firms that elect to avoid cloud-driven solutions with the intention of offering clients greater security may not actually be providing greater security. Odds are that your security isn’t bulletproof, you don’t have 100 percent systems uptime, and you may not have the necessary amount of staff resources dedicated to IT management.
Moreover, most law firms do not have a Chief Information Security Officer (CISO) and team to assist in protecting the data being stored and accessed by these e-discovery solutions. By contrast, in the cloud, security and management are in the hands of trained, dedicated experts.
E-discovery cloud solution providers usually have a CISO, a dedicated staff, and a substantial budget that has been committed to protecting the provider’s data and systems. Because it is essential to their business, providers are willing to dedicate the resources, and have far greater experience, in protecting the copious amounts of data that they handle from internal and external attack.
That said, not all cloud e-discovery solutions are created equally, and a law firm should tread carefully when considering the switch from in-house e-discovery to cloud-based e-discovery. A law firm still must evaluate each of these solutions closely, looking at encryption, cyber security controls, people/team, geography, access controls, and a host of other pieces, as a means of narrowing the field or arriving at the right provider.
For example, cloud computing remains a quickly changing field, and there’s always the danger that the provider you are relying on might go out of business or radically change its service.
Accordingly, a law firm must carefully consider, and place in writing, what happens if the e-discovery provider fails entirely and shuts down, or enters into bankruptcy. When evaluating cloud providers, find out what options you have for backing up and extracting your data in the event of a radical change of circumstances. Contingencies should be put in place that makes abundantly clear that the law firm owns the data it has placed with the provider; that it has the right to immediately extract the hosted data from the provider under defined circumstances, and should even provide a specific mechanism for extracting the data.
In short, cloud-based solutions are now mature enough that law firms should begin to evaluate e-discovery cloud solutions for the potential cost savings to the firm, the increased cyber security over their clients data, and for the decrease to their clients of the exorbitant costs that can often be associated with the discovery process. Each of these is not only a potential benefit to the law firm, but a potential selling point to a client. Bear in mind, however, that, because technology is changing constantly, you can’t just evaluate cloud solutions once. An issue that’s a deal-breaker for you today may be fixed six months from now. And more cloud tools are being developed all the time. So even if you’re not quite ready for the cloud right now, you may find a good cloud solution at a later time.